Even if you stick to official app stores, you could end up downloading a malicious app, which is exactly what happened to 50,000 Android users who accidentally installed a dangerous banking trojan on their devices.
As reported by BleepingComputer, the Anatsa banking trojan is back as part of a new campaign that uses a malicious app posing as a PDF viewer to infect unsuspecting users of the best Android phones.
The discovery was made by security researchers at Threat Fabric who have been tracking Anatsa for years. The banking trojan is often hidden in popular utilities, and to date, it has been downloaded almost a million times.
What makes malware like this particularly dangerous is that it’s designed to target popular banking and finance apps. From JP Morgan to Capital One to TD Bank and others, Anatsa can impersonate them all and the banking trojan does this through overlay attacks. While you might think you’re logging into your bank account, if your phone is infected, you’re actually handing over your credentials to hackers who can then use them to drain your accounts and steal your hard-earned cash.
Here’s everything you need to know about this latest Anasta campaign, including some tips and tricks to help keep you and your devices safe from Android malware.
Hiding in a seemingly harmless app
Although it has since been removed, Threat Fabric’s researchers recently found the Anatsa banking trojan hiding in a PDF viewer app on the Google Play Store called “Document Viewer – File Reader” published by the developer “Hybrid Cars Simulator, Drift & Racing,” according to a new report.
Based on a screenshot of the app’s download page taken by the cybersecurity firm, more than 50,000 Android users downloaded this malicious app before it was taken down. If you did download this app, you should stop what you’re doing and immediately manually remove it from your phone.
Just like with other malicious apps, Threat Fabric found that this one used a sneaky tactic where the app was “clean” until it raked up enough users. Once it became popular, though, its creator or hackers who hijacked the app then added malicious code to it via an update.
As you might have guessed, this injected code contains the Anatsa banking trojan, which is installed on a vulnerable Android device as a separate app. By connecting to a hacker-controlled server, malware is able to get a list of targeted apps, then looks for them on the infected device. If any of them are found, then overlay attacks are used to steal user credentials from them.
This latest campaign adds a new trick, though, to prevent users from taking action until it’s too late. You know those ‘down for scheduled maintenance’ error messages you often see when trying to check your account balance? Well, Anatsa now shows them too over your legitimate banking apps to hide its malicious activities in the background, and by the time the message is gone, so too are your banking credentials.
Google has since removed the latest malicious app spreading the Anatsa banking trojan from the Play Store. However, if you did download it, you need to remove it and then run a full system scan using Google Play Protect. Likewise, it’s also recommended that you reset your bank credentials just in case they ended up in the wrong hands.
How to stay safe from Android malware
While I often recommend sticking to official app stores and not sideloading apps, this doesn’t always work due to malicious apps. For this reason, even if you’re extra careful when installing new apps, you could accidentally end up infecting your Android phone with malware.
This is why you want to carefully scrutinize any app you’re thinking about installing. Check its rating and reviews on the Play Store, and since these can be faked, you also want to look for external reviews on other sites. Video reviews are even better if you can find them, since they give you a chance to see the app in question in action before you download it.
At the same time, you also want to limit the number of apps you have installed on your phone overall. The reason for this is that with fewer apps, you’re less likely to have one of the apps you do have installed go bad after an update.
Likewise, it’s always a good idea to stick to known, trusted developers when installing new apps. You also want to ask yourself if you really need a new app or if one of your existing apps or even your phone itself can accomplish the same functionality.
As for staying safe from Android malware, you want to make sure that Google Play Protect is enabled on your phone. This free and pre-installed security app scans all of your existing apps and any new ones you download for malware to help keep you and your devices safe. However, for extra protection, you may want to consider installing one of the best Android antivirus apps alongside it.
Malicious apps are one of the easiest ways for hackers to establish a foothold on your devices, and as a result, I don’t see them going away anytime soon. This is why you always need to be extra careful when installing new apps on your phone, even if they come from official app stores.
